author | Jeff Leung <jleung@v10networks.ca> | 2015-12-06 03:12:18 -0500 |
---|---|---|
committer | Jeff Leung <jleung@v10networks.ca> | 2015-12-06 03:12:18 -0500 |
commit | 9e5c1863dde4762120d52f851d25178d8be5bb24 (patch) | |
tree | 76ba86b3540c59268da6435bd32fd10ee561f1b9 /scripts | |
parent | 209d0ae7650cb76a18feedaf75052eb03036c184 (diff) | |
parent | 5c1672341b33dc726da5d7845725bd74e3cc7cb6 (diff) | |
Merge branch 'lithium' into lithium-strongswan5
Conflicts:
templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
Get the GCM and ChaCha20+Poly1305 ciphers to play nice with each other
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/vpn-config.pl | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 3f953b3..4267564 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -371,7 +371,22 @@ if ($vcVPN->exists('ipsec')) {
 $dhcp_if = $dhcp_if + 1;
 $lip = get_dhcp_addr($dhcp_iface, $peer);
 }
- my $authid =$vcVPN->returnValue("ipsec site-to-site peer $peer authentication id");
+
+ # Get the local ID
+ my $authid = undef;
+ my $authidfromcert = undef;
+ if ($vcVPN->exists("ipsec site-to-site peer $peer authentication use-x509-id")) {
+ if ($vcVPN->exists("ipsec site-to-site peer $peer authentication id")) {
+ vpn_die(["vpn", "ipsec", "site-to-site", "peer", $peer], "Manually set peer id and use-x509-id are mutually exclusive");
+ }
+ else {
+ $authidfromcert = 1;
+ }
+ }
+ else {
+ $authid =$vcVPN->returnValue("ipsec site-to-site peer $peer authentication id");
+ }
+ my $authremoteid = $vcVPN->returnValue("ipsec site-to-site peer $peer authentication remote-id");
 if ((!defined($lip) || $lip eq "") && (!defined($dhcp_iface) || $dhcp_iface eq "")) {
 vpn_die(["vpn","ipsec","site-to-site","peer",$peer,"local-address"],"$vpn_cfg_err No local-address specified for peer \"$peer\"\n");
@@ -483,7 +498,12 @@ if ($vcVPN->exists('ipsec')) {
 } else {
 $genout .= "\tleft=$lip\n";
 }
- $genout .= "\tleftid=\"$authid\"\n" if defined $authid;
+ if (defined($authidfromcert)) {
+ $genout .= "\tleftid=%fromcert\n";
+ }
+ else {
+ $genout .= "\tleftid=\"$authid\"\n" if defined $authid;
+ }
 } # @SM Todo: must have explicit settings for VTI. |
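Review bot: The new use-x509-id branch in the first hunk accepts the option without checking, at least within the visible lines, that the peer actually authenticates with an X.509 certificate; with a pre-shared secret there is no certificate to take the local identity from, yet the second hunk would still emit `leftid=%fromcert`. If no such check exists elsewhere in the per-peer block (which starts and ends outside the hunk), add one next to the mutual-exclusion test and fail with vpn_die there. Separately, the error text says "peer id" although the value being set is the local ID that ends up in leftid; `"authentication id and use-x509-id are mutually exclusive"` would be less ambiguous.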
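Review bot: In the second hunk `$authid` is still written between double quotes into the generated connection entry with no escaping, so a configured id containing `"` or a newline would end the value early and the remainder would be read as further configuration. Unless the template for the authentication id already restricts its characters (not visible here), reject such values before this line, e.g. `vpn_die(["vpn","ipsec","site-to-site","peer",$peer], "invalid character in authentication id") if $authid =~ /["\n]/;`. As a style point, the flag is tested with `defined` although it is only ever undef or 1; initialising it to 0 and writing `if ($authidfromcert)` states the intent more directly. The enclosing block continues outside the hunk.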